Mail Archives: cygwin/2002/11/06/17:26:15
Thanks very much for the help! This did it:
chmod 755 $HOME/.ssh
chmod 644 $HOME/.ssh/authorized_keys*
I had $HOME set to 700 and authorized_keys* to 600 before and that
somehow broke RSA authentication - it is odd that stricter permissions
would cause that. I suppose this is because the SYSTEM or sshd user need
to read the keys and cannot without the appropriate privileges.
Thanks again.
Antonio
On Tue, 2002-11-05 at 18:55, Harig, Mark A. wrote:
> I am able to use SSH with public/private-key files.
> ssh is working on Cygwin, both as a client and
> as a server, at least on Win2K.
>
> # Cygwin version:
> $ uname -r
> 1.3.14(0.62/3/2)
>
> # Windows version:
> $ uname -s
> CYGWIN_NT-5.0
>
> # ssh version
> $ ssh -V
> OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
>
> My guess is that your problem is related to file/directory
> permissions. One permission problem I found is that
> 'ssh-keygen' creates a ~/.ssh directory (if you don't
> have one already) with permissions set to 700. I found
> that I had to change these to 755.
>
> Here are the file permissions you should check:
>
> 1. $HOME - Your home directory should be set to 700.
> Only you need access to your home directory.
>
> 2. $HOME/.ssh - Try setting this to 755.
>
> 3. $HOME/.ssh/authorized_keys* - Turn off write
> permission for anyone other than you, turn on
> read permission for everyone. One possible
> setting for this is:
>
> $ chmod 644 $HOME/.ssh/authorized_keys*
>
> Of course, only 'identity.pub' keys should be
> in 'authorized_keys' and only 'id_rsa.pub'/id_dsa.pub'
> should be in 'authorized_keys2', depending upon
> the type(s) of encryption you chose.
>
> 4. $HOME/.ssh/<private keys> -
> Of course, only you should have any permissions
> for your private key files 'identity', 'id_rsa',
> or 'id_dsa' (you need at least one of these).
>
> $ chmod 600 identity (or id_rsa or id_dsa, etc.)
>
>
> > -----Original Message-----
> > From: Antonio Bemfica [mailto:antonio AT axolotl DOT ic DOT gc DOT ca]
> > Sent: Tuesday, November 05, 2002 5:32 PM
> > To: cygwin AT cygwin DOT com
> > Subject: Is RSA authentication on SSH still broken?
> >
> >
> > Hello
> >
> > Could someone clarify whether RSA authentication is still not possible
> > when running SSH as the SYSTEM user? I have Cygwin 1.3.14-1
> > and OpenSSH
> > 3.4p1-5 and can only login via password authentication (I am familiar
> > with the process to effect RSA authentication under Unix). I have also
> > tightened permissions on the key files, home directory, etc.
> >
> > The /usr/doc/Cygwin/openssh-3.4p1-5.README file mentions that "The
> > following restrictions only apply to Cygwin versions up to 1.3.1" - is
> > it safe to assume that I should be able to get it running, since I am
> > using 1.3.14-1? I will stop trying otherwise!
> >
> > Thanks a lot for the help.
> >
> > A.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -